top | item 20056315

(no title)

jdreyfuss | 6 years ago

Checklist author here. Glad you liked the idea!

Figuring out a clean shorthand way to group these best practices was something we definitely thought about. The idea behind using funding rounds was to find something that can work as an easily digestible placeholder for company maturity and capabilities for most SaaS startups. Something closer to “just starting out,” “product-market fit,” and “starting to scale” rather than being specifically about actual funding levels.

Definitely open to feedback if that way of grouping things doesn't resonate!

discuss

andrewstuart|6 years ago

Maybe this concept should just get rid of the CTO aspect and position it as the "SaaS security checklist".

Then gamify it so that all the technical people in the team can each give their independent rating of how the company performs on each checklist item.

Then give each checklist item and owner and assign action items, status and followup discussion.

The outcome of that is something the CTO would be interested in because it would be a dashboard with accountability.

jdreyfuss|6 years ago

Cool idea! I like the self-assessment angle.

We wrote this for CTOs since prior to hiring a dedicated security engineer, security responsibilities in a company often fall to the CTO. But really, any more technical person in a company with some ownership or interest in security can leverage this.

unknown|6 years ago

[deleted]